Vetting Your Vendors

0 0

As you may know, LoanLogics (the company I work for) is a vendor to the mortgage industry. We provide technology, technology platforms, and reporting, to lenders for quality and risk management, MERS reviews, correspondent lending, portfolio monitoring and much more. You can view all our services at our website.

As a service provider we are required by our clients, under CFPB rules and the Gramm Leach Bliley Act, to provide adequate evidence of our physical, networks and information security.

The reason is mainly to ensure that we protect all consumer personal, identifiable information that is transmitted, viewed, stored and/or communicated to us in any way; digital, electronic or paper. This is in addition to evidence of adequate insurance coverage, including cyber security, and our financial condition.

However, it’s odd that when I go out to vet those who may provide services to LoanLogics involving the transfer, transmission, or storage of consumer PII, some either do not have the required information or they just plain ignore my requests. As a result, we are not able to use their services.

It’s important that a lender fully vet all service providers that may have access to any consumer PII, not just their technology and credit providers. This includes companies that handle:

• Verifications
• Document imaging, storage or destruction;
• Closings

At least annually, a review needs to be done of all service providers that may, in any way, shape or form, come in contact with any consumer PII or private company information to ensure the appropriate safeguards are in place for administrative, technical and physical security. The review should ensure:

1. The adequate security and confidentiality of consumer records and information;
2. Protection against any anticipated threats or hazards to the security or integrity of consumer records;
3. No unauthorized access to or use of consumer records or information which could result in substantial harm or inconvenience to any consumer.
4. That the company is protected from unauthorized use and distribution of company information or property

It’s a lender’s responsibility to protect the valuable consumer information with which it is entrusted.  Failure to do so puts the consumer and the company at substantial risk.

One small breach could be catastrophic; not only financially but to a company’s reputation as well.

Don’t let it happen. Know the companies with which you do business and make sure they are just as careful as you are about protecting confidential information.

One more thing, do you have the necessary security in place?

About the Author

Michael Vitali

Michael L. Vitali – Independent Consultant to the Mortgage Industry Mike Vitali is an independent consultant to the mortgage industry on matters concerning compliance and mortgage lending. He most recently served as the Senior Vice President and Chief Compliance Officer for LoanLogics, monitoring regulatory developments and their practical implications for the mortgage lending industry. His duties included research, interpretation, and analysis of existing and proposed legislation related to the industry in support of recommendations for policy and/or procedure changes to maintain continued quality and compliance with all applicable laws, rules and regulations, investor requirements, and standard mortgage practices. In his more than 40 years in the mortgage industry, in senior level management, he has gained experience in all areas of mortgage lending, risk management, and compliance. Mike is a past President of the MBA of Greater Philadelphia, is a charter member and was the second Chairman of the MBA of Pennsylvania, and a past board member and Legislative Chair of both associations. He is a recipient of the 1998 Mortgage Banker of the Year Award from the MBA of Greater Philadelphia, and the 2003 Chairman's Award from the MBA of PA, and currently serves on several compliance related task forces for MBA.